- May 31, 2017
- 1,719
Very fire!!! Did I say that right?
Either way, thank you!
DefenderUI by VoodooShield - Turn on Hidden Security Features of Microsoft Defender
- Thread starter danb
- Start date
Either way, thank you!
Stelica
Level 2
- Sep 27, 2021
- 97
- May 31, 2017
- 1,719
Hey guys,
There was one more rule that needed to be added for Windows Updates, so here is the latest. If dismhost is still being blocked, please let me know how you trigger the block so I can reproduce it on my system. Other than that I think we are close.
DefenderUIPro 0.98 beta
SHA-256: dbc91b2f0dc2bcc954cd3edcfe7cccd1fec183832c9b08730a44e8193c78868f
BTW, the Microsoft Update debacle did not appear to be fixed today so I played around with it a little and found that if you delete the contents of the C:\ProgramData\Package Cache directory, then check for updates, it seems to have fixed the issue.
Thank you!
There was one more rule that needed to be added for Windows Updates, so here is the latest. If dismhost is still being blocked, please let me know how you trigger the block so I can reproduce it on my system. Other than that I think we are close.
DefenderUIPro 0.98 beta
SHA-256: dbc91b2f0dc2bcc954cd3edcfe7cccd1fec183832c9b08730a44e8193c78868f
BTW, the Microsoft Update debacle did not appear to be fixed today so I played around with it a little and found that if you delete the contents of the C:\ProgramData\Package Cache directory, then check for updates, it seems to have fixed the issue.
Thank you!
Stelica
Level 2
- Sep 27, 2021
- 97
For me Windows update works (Windows 10 Pro). After I reset the whitelist I had to allow dismhost.exe. It appears when I want to clean temporary files (disk cleaning). Thank you!
@danb Could you elaborate on how DefenderGuard works?
As far as I'm aware, malware can disable Defender by either adding entries like DisableScanOnRealtimeEnable/BehaviorMonitoring, etc. to the registry, by deleting the registry entries that allow Defender to function, or by adding itself to Defender's exclusions (if any of these have already been mitigated by Tamper Protection then please excuse my ignorance).
I'm curious to know how DefenderGuard works in reactivating Defender, and if/how it would do so if any of these scenarios occurred.
As far as I'm aware, malware can disable Defender by either adding entries like DisableScanOnRealtimeEnable/BehaviorMonitoring, etc. to the registry, by deleting the registry entries that allow Defender to function, or by adding itself to Defender's exclusions (if any of these have already been mitigated by Tamper Protection then please excuse my ignorance).
I'm curious to know how DefenderGuard works in reactivating Defender, and if/how it would do so if any of these scenarios occurred.
Last edited:
- Jan 29, 2017
- 1,201
@danb Excuse my inaccurate use of terms here... as temporarily, I have DUI uninstalled.
When I "disable all" I get a pop-up instructing me to change a Windows Security setting. The wording is quite unclear as to what/why/when I do this... or undo this.
Can you explain what this is about, and why I must manually change a security setting when selecting "disable all" and exactly what is the difference between the "yes" and "no" buttons on that pop-up? Each time I've done this, I have zero ideal of what I'm doing, and its effect on my PC security. Thank you.
When I "disable all" I get a pop-up instructing me to change a Windows Security setting. The wording is quite unclear as to what/why/when I do this... or undo this.
Can you explain what this is about, and why I must manually change a security setting when selecting "disable all" and exactly what is the difference between the "yes" and "no" buttons on that pop-up? Each time I've done this, I have zero ideal of what I'm doing, and its effect on my PC security. Thank you.
- May 31, 2017
- 1,719
When I try to reproduce the block with Windows Disk Cleanup, it does not trigger dismhost for some reason. I am pretty sure that rule is correct, but I can for sure fix it if I can reproduce the block. Is there anything special that you do when you launch disk cleanup? Thank you!
- Aug 17, 2014
- 11,108
DUI Pro 0.98 beta (Dynamic Security Postures: enabled). Here all works smooth, no slowdowns or any issues, I haven't noticed blocks so far
- May 31, 2017
- 1,719
DefenderGuard, as you guys can guess, is a component to further protect MD. One of the main features that I always wanted in MD was one that auto reactivated MD when the user disables it, so that is why the feature was initially developed. It currently does not monitor the registry for changes to MD, but DG is a work in progress and we can always add whatever new features and protections as we go. Thank you!
- May 31, 2017
- 1,719
Yes, when Tamper Protection is enabled there are a handful of features in DefenderUI that will not work, and MD Real-time protection is one of these features. So since MD Real-time protection is disabled, then Disable All is disabled as well. And this prompt is basically asking you if you want DefenderUI to take you to the place in MD where you can disable Tamper Protection. So if you click No, then nothing happens, but if you click Yes, DefenderUI will take you to the place in MD where you can disable Tamper Protection. Thank you!
- May 31, 2017
- 1,719
Sounds great, thank you for letting me know!DUI Pro 0.98 beta (Dynamic Security Postures: enabled). Here all works smooth, no slowdowns or any issues, I haven't noticed blocks so far
- Jan 29, 2017
- 1,201
Thanks for that explanation @danb ... I have a somewhat related question... an issue with my PC, not your app... When attempting to clean install .98, I get this...
Since I'm running Win10 Home x64 20H2, I'm curious where the installer program looks, so perhaps I can fix this once and for all (it has happened with other installations). Apologies for the semi-OT post.
Since I'm running Win10 Home x64 20H2, I'm curious where the installer program looks, so perhaps I can fix this once and for all (it has happened with other installations). Apologies for the semi-OT post.
- Jan 29, 2017
- 1,201
I'm still confused. After installing .98, I set the application to "Aggressive Profile". Doing so did not require me to disable Tamper Protection.
Which features in DefenderUI am I missing with the "aggressive" setting that would require me to disable WD Tamper Protection? Thanks!
- May 31, 2017
- 1,719
It's hard to say for sure because that is a flag that is set by Inno Setup (the software a lot of developers use to build their installers). I googled to see if I could find where Inno Setup looks in the registry, but could not find anything.Thanks for that explanation @danb ... I have a somewhat related question... an issue with my PC, not your app... When attempting to clean install .98, I get this...
Since I'm running Win10 Home x64 20H2, I'm curious where the installer program looks, so perhaps I can fix this once and for all (it has happened with other installations). Apologies for the semi-OT post.
I will PM you a different installer that does not specify the build number, it just specifies Windows 10 and above. So that might do the trick, I guess we will see
.I was unable to send a pm, so here is a link: InstallDefenderUIProTest.exe
- May 31, 2017
- 1,719
Yes, most of the features in DefenderUI do not require Tamper Protection to be disabled. The only features that do require Tamper Protection to be disabled are: Real-time Protection, Behavior Monitoring, Scan all downloaded files and attachments, Script scanning and Threat Default Actions. So there are the only features that are not available, and this applies to all profiles. Thank you!
Stelica
Level 2
- Sep 27, 2021
- 97
Regarding dismhost it occurs when I request disk cleaning, system files cleaning (for example when I want to delete old restore points)
But I did not understand the issue discussed about tamper protection. I have DUI Pro in the recommended mode, tamper protection enabled and the only feature which does not work with tamper protection enabled is Threat Default action. Thank you!
But I did not understand the issue discussed about tamper protection. I have DUI Pro in the recommended mode, tamper protection enabled and the only feature which does not work with tamper protection enabled is Threat Default action. Thank you!
Last edited:
- Jan 29, 2017
- 1,201
Thanks. So a followup. On my system, Tamper Protection is enabled. However, on DefenderUI, all the features you listed, except for Threat Default Actions, show as enabled (I assume they are active when shown in blue). So maybe they aren't affected by Tamper Protection? Or there is something I've yet to grasp?
For example,
Thanks. That installer ran fine, but also, I was able to trigger the standard installer after rebooting. So I'll have to puzzle this out.
Stelica
Level 2
- Sep 27, 2021
- 97
I didn't understand either. The settings that appear active (shown in blue) are not available?
- Apr 24, 2016
- 7,256
Another positive report at Wilders:
www.wilderssecurity.com
DefenderUI Pro version 0.98 bêta fixed my slowdown problems on both my machines. Thanks to Dan
DefenderUI
There ya go. Unfortunately for stubborn Windows we sometimes are faced with process of elimination to drill down to issues. This one seems could be...
www.wilderssecurity.com
- May 31, 2017
- 1,719
We can go either way on this, and whatever makes the most sense to the end user is great with me. The reason Threat Default Actions are greyed out when Tamper Protection is enabled is because the Threat Default Actions settings are completely unavailable when Tamper Protection is enabled. Whereas with Scan Scripts, for example, the toggle button displays the current setting, but when the user clicks the toggle button, they get a prompt to let them know that it is not adjustable when Tamper Protection is enabled. So basically, it works exactly like it does in CD, except DefenderUI also has a prompt to let you know that the settings has not been changed, and that you have to disable Tamper Protection in order to adjust these settings.Thanks. So a followup. On my system, Tamper Protection is enabled. However, on DefenderUI, all the features you listed, except for Threat Default Actions, show as enabled (I assume they are active when shown in blue). So maybe they aren't affected by Tamper Protection? Or there is something I've yet to grasp?
For example,
Thanks. That installer ran fine, but also, I was able to trigger the standard installer after rebooting. So I'll have to puzzle this out.
BTW, the features that require Tamper Protection to be disabled (Real-time Protection, Behavior Monitoring, Scan all downloaded files and attachments, Script scanning and Threat Default Actions) are not a limitation of CD or DefenderUI. This limitation applies to all software that configures Defender's settings.
Similar threads
